Creating a Unified Continuous Monitoring Cybersecurity Taxonomy: Gaining Ground by Saying What’s What
Continuous monitoring is a rapidly expanding field where a common taxonomy is key to setting expectations in the field and a consistent understanding around continuous monitoring practices. To resolve this problem, the Shared Assessments Program Continuous Monitoring...
read more
This is Your Career on CTPRP …. Any Questions?
In the late ‘80s, the Partnership for a Drug-Free America ran an advertising campaign with a simple and powerful message. In one of the televised spots, a man cracks an egg (your brain) into a hot skillet (drugs) where it sizzles (your brain on drugs). If we created a...
read more
Enhancing Third Party Provider Risk Management Through Aligning the Contracting, Security and Diligence Functions
As the founder of a law firm and two cybersecurity firms, my clients often reach out to me to manage technology contracts that have cybersecurity and privacy implications. My clients span the small with minimal processes to larger firms with Chief Information Security...
read more
The Board’s Role in Realizing Effective Risk Management
In practice, governing boards are the last line of defense in ensuring critical risk management processes are effective. However, recent high profile incidents highlight the need for a greater role for boards in mitigating risks. These events serve as a stark example...
read more
The Value of Virtual Assessments
A risk-based determination of whether - and how - to conduct remote assessments of vendors Expert Contributors: Angela Dogan and Andrew Hout Given how much time and money virtual assessment of vendors can save companies and their third party risk management programs,...
read more
What ‘Virtual’ Means When Conducting Assessments
The word virtual’s various meanings include “near enough” and “not physically existing.” When it comes to performing virtual assessments, outsourcers and third parties should keep both definitions top of mind. For all practical purposes, virtual assessments are the...
read more
Are We Heading Back to School for Privacy Changes?
Seasons change and priorities change as we exit the dog days of summer and head into back to school timelines and waning days remaining of legislative sessions. This past month Shared Assessments Program Advisory Board Members and Steering Committee Members...
read more
Shared Assessments’ TPRM Framework – Member Forum Observations
The July 2019 Shared Assessments Member Forum introduced the first sections of the Program’s Third Party Risk Management (TPRM) Framework. The Framework is a new member resource designed to provide TPRM guidance to risk professionals across the experience spectrum....
read more
Mapping: Connecting the Dots in Third Party Risk
The world of third party risk (TPR) is a big place. It encompasses numerous industries, is governed by a variety of laws and regulations, and reaches around the globe. Given this substantial diversity in the TPR ecosystem, establishing standards that appeal to the...
read more
Good Responses to Bad Contracts
Most third party risk managers eventually deal with bad vendor contracts. In most cases, these contracts – which lack important provisions or no longer conform to regulatory requirements or organizational guidelines – pose significant risks to the organization. Many...
read more
6 Ways the CTPRP Designation Benefits Organizations
The Certified Third Party Risk Professional (CTPRP) designation from the Shared Assessments Program validates expertise while providing professional credibility, recognition and marketability in third party risk. Two years after the initial program launch, we created...
read more
Happy One Year GDPR Enforcement Day
It’s hard to believe it’s been one year since the GDPR enforcement took effect (May 25, 2018). For many, the honeymoon (or “honeydo”) hasn’t quite worn off yet, as organizations are still trying to ensure they meet some level of conformity to the most encompassing...
read more
Now Available: 2019 Vendor Risk Management Report
“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.” -Lewis Carol, Alice in Wonderland As they assess today’s complex risk and regulatory environments, third party risk...
read more
Third Party IoT Risk: Companies Don’t Know What They Don’t Know
This third annual study on third party IoT risk, conducted by the Ponemon Institute, helps the industry better understand how organizations are managing the risks created by known and unknown IoT devices. Cyberattacks, data breaches and overall business disruption...
read more
The Realities of Raising Fraud Awareness
Authored by: Emily Irving, VP Third Party Risk, BlackRock and Shared Assessments Steering Committee Vice Chair and Bob Jones, Senior Advisor, The Santa Fe Group If you could print $200 million on your home printer each year, how would it affect the world economy? If...
read more
And the Shared Assessments Awards Go to…
At this year’s Shared Assessments Summit Reception and Awards Ceremony, VIPs were recognized for their investment, time and effort in addressing and mitigating third party risk through the Shared Assessments Program. “Shared Assessments would not be the organization...
read more
A Shared (Assessments) Success
The 12th Annual Shared Assessments Third Party Risk Summit featured the latest thought leadership and best practices in cybersecurity, risk management, vendor management, privacy and assessments featuring provocative topics and engaging keynotes and panelists....
read more
2019 Vendor Risk Management Benchmark Study: Running Hard to Stay in Place
Increasing pressures in the risk and regulatory environments continue to pose severe challenges to vendor risk management (VRM) programs, often offsetting incremental program improvements over the past 12 months. The results of this fifth annual study from Shared...
read more
If Left to Our Own Devices… What the New CCPA Regulations Mean to Risk Management
These days everything’s connected through the Internet, that constantly growing and evolving massive communications network. More and more devices are being connected (75 billion or so by 2025), forming a complex interrelated platform or ecosystem commonly referred to...
read more
Shared Assessments Takes Top InfoSec Awards
Just when you thought awards season was over.... Shared Assessments was honored with two awards for SC Magazine's celebration of 30 years in cybersecurity. The Shared Assessments Program was named one of the Most Important Industry Organizations of the Last 30 Years....
read more
